[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnuIBtnNwEQl4BHnu6gkvbNhdCsbTwEjIqDUTIQPWHsU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":58,"crawl_stats":37,"alternatives":64,"analysis":160,"fingerprints":248},"video-blogster-lite","Video Blogster Lite","1.2","johnh10","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnh10\u002F","\u003Cp>No need to search YouTube and copy\u002Fpaste videos into WordPress. Video Blogster\u003Cbr \u002F>\nLite will automatically fetch the title, description, thumbnail, and\u003Cbr \u002F>\nstatistics for each video in your keyphrase search. Integrates seamlessly with\u003Cbr \u002F>\nWP-PostRatings and WP-PostViews.\u003C\u002Fp>\n","Create a video blog in minutes! This plugin searches YouTube for content and automatically creates posts from the results.",800,22714,100,5,"2023-05-15T21:28:00.000Z","6.2.9","3.0","",[20,21,22,23,24],"oembed","video-blog","videoblog","you-tube","youtube","http:\u002F\u002Fwww.superblogme.com\u002Fvideo-blogster-lite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvideo-blogster-lite.1.2.zip",42,2,"2025-09-26 00:00:00","2026-03-15T15:16:48.613Z",[32,46],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-60132","video-blogster-lite-cross-site-request-forgery","Video Blogster Lite \u003C= 1.2 - Cross-Site Request Forgery","The Video Blogster Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-29 21:17:13",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F965bb0f7-0757-4842-9c26-a5574145a6a3?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":51,"cvss_vector":52,"vuln_type":53,"published_date":54,"updated_date":55,"references":56,"days_to_patch":37},"CVE-2025-47689","video-blogster-lite-reflected-cross-site-scripting","Video Blogster Lite \u003C= 1.2 - Reflected Cross-Site Scripting","The Video Blogster Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-23 00:00:00","2025-07-28 20:41:53",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2549394c-2f2f-4d90-a11c-ba6f28c3ea39?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":59,"avg_security_score":60,"avg_patch_time_days":61,"trust_score":62,"computed_at":63},810,71,30,74,"2026-04-04T07:18:09.666Z",[65,87,104,122,142],{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":18,"tags":80,"homepage":83,"download_link":84,"security_score":85,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"hide-related-video-youtube","Hide Related Video Youtube","1.0","TranHoangQuoc","https:\u002F\u002Fprofiles.wordpress.org\u002Ftranhoangquoc\u002F","\u003Cp>Hide related video youtube is a plugin remove related video other chanel when you use YouTube oEmbed.\u003C\u002Fp>\n\u003Cp>On activation, the plugin clears the oEmbed cache so that the videos can be successfully re-cached with the new setting. If you are upgrading the plugin, you may need to manually deactivate, then reactivate it to clear the cache.\u003C\u002Fp>\n","Hide related video youtube is a plugin remove related video other chanel when you use YouTube oEmbed.",1000,10720,82,9,"2019-01-17T15:31:00.000Z","5.0.25","2.9",[20,81,82,24],"related","video","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-related-video-youtube\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-related-video-youtube.1.0.zip",85,0,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":86,"num_ratings":86,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":102,"download_link":103,"security_score":85,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"youtube-widget","YouTube widget","1.1","sk33t","https:\u002F\u002Fprofiles.wordpress.org\u002Fsk33t\u002F","\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 2.2+ or 2.0.x\u002F2.1.x with WordPress Widgets\u003C\u002Fli>\n\u003C\u002Ful>\n","This widget will display a YouTube video in the sidebar. Just enter the URL of the video, and it’ll show in the sidebar. You can change the width and  &hellip;",500,57817,"2009-01-06T06:27:00.000Z","2.7","2.0.2",[101,23,24],"widget","http:\u002F\u002Fja.meswilson.com\u002Fblog\u002F2007\u002F05\u002F31\u002Fwordpress-youtube-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyoutube-widget.zip",{"slug":105,"name":106,"version":68,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":18,"download_link":121,"security_score":85,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"youtube-subscribe-widget","YouTube Subscribe widget","ebreeze","https:\u002F\u002Fprofiles.wordpress.org\u002Febreeze\u002F","\u003Cp>This widget will display a YouTube SUBSCRIBE button, the number of subscribers and videos in the sidebar. When configuring you have to specify your YouTube username. You can also change the widget width and height as well as the widget title. The title could be linked to the YouTube profile as well.\u003C\u002Fp>\n\u003Cp>This plugin is provided by \u003Ca href=\"http:\u002F\u002Fwww.flatrocktech.com\u002F\" rel=\"nofollow ugc\">Flat Rock Technology\u003C\u002Fa>. For more information please do not hesitate to contact us.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 2.2+ or 2.0.x\u002F2.1.x with WordPress Widgets\u003C\u002Fli>\n\u003C\u002Ful>\n","Add a widget to display YouTube subscribe box in the sidebar.",400,38633,80,1,"2013-04-28T15:53:00.000Z","3.1.4","2.8.0",[101,23,24,119,120],"youtube-subscribe","youtube-subscribers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyoutube-subscribe-widget.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":13,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":18,"download_link":141,"security_score":13,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"better-core-video-embeds","Better Core Video Embeds","1.3.8","Highrise Digital","https:\u002F\u002Fprofiles.wordpress.org\u002Fhighrisedigital\u002F","\u003Cp>This plugin provides page optimisations for pages and posts which have embedded Youtube, Vimeo or Daily Motion videos which have been added using the core embed block.\u003C\u002Fp>\n\u003Cp>Without this plugin, when using the core embed block, when your page loads, lots of external scripts and styles are loaded from the embed service, regardless of whether a visitor actually interacts with the embedded video.\u003C\u002Fp>\n\u003Cp>This plugin prevents these scripts and styles from loading until the user actually interacts with the video. It does this by replacing the video embed, on page load with the video thumbnail image (added on Youtube, Vimeo or Daily Motion). When a user clicks the thumbnail the embedded video, along with associated scripts and styles are loaded.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fk7A2kZWUb9Q?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","A plugin which enhances the core embed block for Youtube, Daily Motion and Vimeo videos by not loading unnecessary scripts until they are needed.",200,15784,11,"2025-06-02T10:52:00.000Z","6.8.5","6.0","7.0",[138,20,139,140,24],"embed","performance","vimeo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-core-video-embeds.1.3.8.zip",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":13,"downloaded":150,"rating":62,"num_ratings":151,"last_updated":152,"tested_up_to":153,"requires_at_least":154,"requires_php":18,"tags":155,"homepage":18,"download_link":159,"security_score":85,"vuln_count":86,"unpatched_count":86,"last_vuln_date":37,"fetched_at":30},"responsive-oembed","Responsive oEmbed","1.4.1","Palasthotel GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fpalasthotel\u002F","\u003Cp>ATTENTION for WP Version 5+: This plugin does not work with Gutenberg (no problems with Classic Editor plugin though)! Gutenberg brings its own CSS for responsive oEmbed elements, so this plugin would double that and create strange effects.\u003C\u002Fp>\n\u003Cp>This plugin uses some minimal CSS rules and a wrapping HTML element to maintain the aspect ratio of oEmbed elements with fixed aspect ratio (e. g. YouTube, Vimeo or Soundcloud).\u003C\u002Fp>\n\u003Cp>Unlike other plugins, this plugin does not use any JavaScript!\u003C\u002Fp>\n\u003Cp>The aspect ratio is calculated from the (iframe, object or embed) HTML tag width and height attributes. An aspect ratio will only be applied, if both width AND height attributes are given by the oEmbed element and if there is no data-secret attribut set (because those are handled via wp-embed.js). Some oEmbeds have no width or height attributes set, because they calculate their dimension via JavaScript. In those cases this plugin has no effect.\u003C\u002Fp>\n\u003Cp>You can find a \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FEmbeds#Okay.2C_So_What_Sites_Can_I_Embed_From.3F\" rel=\"nofollow ugc\">list of all oEmbed sites supported by WordPress here\u003C\u002Fa>.\u003C\u002Fp>\n","Makes oEmbed elements with fixed aspect ratio (like YouTube, Vimeo or SoundCloud) scale responsively.",3340,3,"2019-03-03T12:43:00.000Z","5.1.22","4.0",[156,157,20,158,24],"aspect-ratio","iframe","responsive","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-oembed.1.4.1.zip",{"attackSurface":161,"codeSignals":177,"taintFlows":214,"riskAssessment":232,"analyzedAt":247},{"hooks":162,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":86,"unprotectedCount":86},[163,169],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","admin_enqueue_scripts","enqueue_options_styles","video-blogster-lite.php",32,{"type":164,"name":170,"callback":171,"file":167,"line":172},"admin_menu","add_menus",33,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":151,"externalRequests":114,"nonceChecks":86,"capabilityChecks":86,"bundledLibraries":213},[],{"prepared":86,"raw":86,"locations":180},[],{"escaped":14,"rawEcho":182,"locations":183},15,[184,188,189,190,191,193,194,197,199,202,204,206,207,209,211],{"file":185,"line":186,"context":187},"templates\\create-posts.php",16,"raw output",{"file":185,"line":186,"context":187},{"file":185,"line":61,"context":187},{"file":185,"line":61,"context":187},{"file":185,"line":192,"context":187},56,{"file":185,"line":192,"context":187},{"file":195,"line":196,"context":187},"templates\\process-results.php",7,{"file":195,"line":198,"context":187},12,{"file":200,"line":201,"context":187},"templates\\query-youtube.php",6,{"file":200,"line":203,"context":187},8,{"file":200,"line":205,"context":187},31,{"file":200,"line":205,"context":187},{"file":208,"line":61,"context":187},"templates\\video-feed.php",{"file":208,"line":210,"context":187},38,{"file":167,"line":212,"context":187},338,[],[215],{"entryPoint":216,"graph":217,"unsanitizedCount":114,"severity":231},"\u003Cvideo-feed> (templates\\video-feed.php:0)",{"nodes":218,"edges":228},[219,223],{"id":220,"type":221,"label":222,"file":208,"line":210},"n0","source","$_SERVER['REQUEST_URI']",{"id":224,"type":225,"label":226,"file":208,"line":210,"wp_function":227},"n1","sink","echo() [XSS]","echo",[229],{"from":220,"to":224,"sanitized":230},false,"low",{"summary":233,"deductions":234},"The video-blogster-lite v1.2 plugin exhibits a mixed security posture. While it demonstrates some good practices, such as using prepared statements for all SQL queries, there are significant areas of concern. The lack of any identified nonce checks or capability checks on the entry points, combined with a concerning taint analysis result indicating a flow with unsanitized paths, suggests a potential for vulnerabilities, especially in the absence of a broad attack surface being exposed. The plugin's history of known vulnerabilities, including two currently unpatched medium severity issues of Cross-Site Request Forgery and Cross-Site Scripting, further amplifies the risk.  These historical patterns, particularly the types of vulnerabilities, point towards potential weaknesses in input validation and output sanitization that have not been fully addressed.\n\nDespite the positive aspects of secure SQL handling, the unpatched vulnerabilities and the findings from the static and taint analysis are substantial red flags. The 25% proper output escaping is also a weak signal. The absence of a larger attack surface is fortunate, but it does not negate the existing risks. The conclusion is that while the plugin has some secure foundations, the unpatched vulnerabilities and the identified code analysis concerns create a notable risk that requires immediate attention.",[235,238,241,243,245],{"reason":236,"points":237},"Unpatched medium severity CVEs (2)",20,{"reason":239,"points":240},"No nonce checks found",10,{"reason":242,"points":240},"No capability checks found",{"reason":244,"points":240},"Taint flow with unsanitized paths",{"reason":246,"points":14},"Low percentage of properly escaped output","2026-03-16T19:18:16.644Z",{"wat":249,"direct":256},{"assetPaths":250,"generatorPatterns":252,"scriptPaths":253,"versionParams":254},[251],"\u002Fwp-content\u002Fplugins\u002Fvideo-blogster-lite\u002Fvideo-blogster-lite.css",[],[],[255],"video-blogster-lite\u002Fvideo-blogster-lite.css?ver=",{"cssClasses":257,"htmlComments":258,"htmlAttributes":259,"restEndpoints":260,"jsGlobals":261,"shortcodeOutput":262},[],[],[],[],[],[]]